Informal chairs' summary - 11 July 2013
Many thanks to Frank Dawson for providing us with an excellent overview of the Specification Privacy Assessment document.
Thanks very much to Joe Hall and Nick Doty for scribing.
The next call will be on 22 August 2013 at the usual time.
* Discussion of privacy guidance documents
The chairs noted that the progress on these documents has not moved forward as quickly as anticipated due to the workload of the Tracking Protection WG, in which many PING members participate.
- Fingerprinting Guidance for Specification Authors [Editor: Nick Doty]
[1] http://w3c.github.io/fingerprinting-guidance/
Nick Doty has made excellent progress on this document, which is intended to serve as guidance for specification authors about the privacy implications of browser fingerprinting. We discussed the fingerprintability of User Agent Strings and the possibility of identifying a user over time with a UA string plus IP address. It was proposed that PING gather use cases for UA strings (e.g. device optimisation) and consider in which circumstances their fingerprintability could be reduced. In particular, given that the entropy and fingerprintability of these strings has increased with their complexity, how might we reasonably reduce the fingerprintability without impairing their usefulness?
One suggestion was to decrease diversity that does not affect functionality. However, it was also noted that in the mobile area, US strings are widely used to understand what kind of device is being used as well as for access and authentication, so â€œit seems the horse if out of the barnâ€